WHAT'S NEW

Search form

Search

Security Flaws Exposed in Some EdTech Products

A new finding reveals that there may be lapses in security for some apps that are designed for student end users. As more schools require that students use sites and products to meet learning objectives, it becomes ever more important to examine potential security flaws.

Tony Porterfield is a software engineer who figured out some of these lapses by looking at the popular website Raz-Kids.com, a website containing hundreds of eBooks and quizzes to help students in all subject areas.

“As a software engineer, he was also curious about the site’s data security practices,” reports Natasha Singer of NYTimes. “And he was dismayed to discover that the site not only was unencrypted, but also stored passwords in plain text — security weaknesses that could potentially have allowed unauthorized users to gain access to details like students’ names, voice recordings or skill levels.”

According to Singer’s report, Porterfield did contact the website and offered his concerns but more than a year has passed and the same weaknesses remain.

“Contacted last week by a reporter, John Campbell, the chief executive of the Cambium Learning Group, the company behind Raz-Kids.com, said that his company took privacy very seriously and that the site did not store sensitive personal details like student addresses or phone numbers,” reported Singer.

Raz-Kids.com isn’t the only site that raises concerns, according to the article; Porterfield examined nearly 20 digital products from companies like Pearson and some have remedied their weaknesses while others have not.

“To help schools evaluate companies’ security practices, the Consortium for School Networking, a national association of school district chief technology officers, published a list of security questions last year for schools to ask before they sign purchase agreements with technology vendors,” reports Singer.

There are strides being made by some companies to fill the security holes for these websites and applications, however, if schools are able to use the questions provided by the Consortium for School they may be able to avoid working with companies that contain security flaws.